Creating Keys with Public-Key Authentication Wizard

On Linux, you can use the Tectia Public-Key Authentication Wizard to generate a key pair. The wizard will generate two key files, your private key and your public key, and stores them in directory $HOME/.ssh2 on your local computer. The public key has .pub as the file extension, and the private key file has the same base file name as the public key but no file extension.

Public key pairs can also be generated with a command line tool ssh-keygen-g3. For instructions, see Creating and Uploading Keys with the Command Line Tools.

Go to /opt/tectia/bin directory. Enter:
```
$ cd /opt/tectia/bin/
```
Start the Tectia Connections Configuration GUI. Enter:
```
$ ssh-tectia-configuration
```
Go to User Authentication and select the Keys and Certificates page. Click New key.
Figure 4.2. Tectia Connections Configuration GUI, Keys and Certificates view
The Public-Key Authentication Wizard starts.
Figure 4.3. The Public-Key Authentication Wizard
Define the key properties and the required passphrase to protect your key pair.
File Name
Type a unique name for the key file. Tectia Client and Server suggest a name consisting of the user name and the host name.
Comment
Write a short comment that describes the key pair. For example, describe the connection the key is used for. This field is not obligatory, but it helps to identify the key later.
Passphrase
Type a phrase that is difficult to guess. Use at least 8 characters, both letters and numbers. Any punctuation characters can be used as well.
Note
In FIPS mode, due to a FIPS regulation which forbids exporting unencrypted private keys out of the FIPS module, it is not possible to generate user keys without a passphrase.
If the key pair will be used for automated jobs, you can leave the passphrase field empty to generate the key without a passphrase.
You will be requested to enter the passphrase always when using the keys to authenticate yourself. The passphrase works in a way similar to a password and gives some protection for your private key.
Memorize the passphrase carefully, and do not write it down.
Retype passphrase
Type the passphrase again. This ensures that you have not made a typing error.
Click the Advanced Options if you want to define the type of the key to be generated and the key length to be different from the defaults. By default, Tectia Client and Server generates a pair of 2048-bit DSA keys.
In the Key Properties fields, you can make the following selections:
Key Type
Select the type of the key to be generated. Available options are DSA or RSA.
Key Length
Select the length (complexity) of the key to be generated. Available options are 1024, 2048 or 3072 bits. Larger keys are more secure, but also slower to generate.
Click Next to proceed to uploading the key. The wizard continues with Step 3 in Uploading Public Keys Automatically.

	Note
In FIPS mode, due to a FIPS regulation which forbids exporting unencrypted private keys out of the FIPS module, it is not possible to generate user keys without a passphrase.

Uploading existing public keys to new remote servers is instructed in Uploading Public Keys Automatically.